A Clash of Cyber Civilizations

There has been little need for the term “cyber sovereignty” among democratic states: the Internet, by its nature, operates under an aegis of freedom and cooperation. However, as the international system slips away from American unipolarity, a competing model of cyber sovereignty has emerged in China that seeks to bind cyber borders to online censorship and surveillance. Given that democracies will always be hostile toward censorship, can these two models coexist? More importantly, should they?

This clash has been building since at least 2010, when, in retaliation to China’s Operation Aurora cyber attacks on a large number of U.S. firms, Google and the U.S. government publicly confronted China on its Internet censorship practices. The repercussions are now widespread, including U.S. distrust of Chinese telecom companies and China’s pressuring of foreign academic journals to engage in censorship. Yet, both the Chinese and Western models of cyber sovereignty share a fundamental pillar of cyber defense, which offers a path toward a more peaceful coexistence. However, in order to understand the challenges of the two working together, it is first necessary to explore their differences.

For China, the heart of cyber sovereignty is cyber borders. Last year, China’s Ministry of Foreign Affairs and the Cyberspace Administration of China jointly released a white paper, “International Strategy of Cooperation on Cyberspace,” which asserts that, as a basic norm in international relations, the principle of territorial sovereignty includes cyberspace. To that end, China seeks to govern its cyber borders similarly to its geographic borders, with the surveillance and censorship systems of the Great Firewall (GFW) serving as its cyber border wall and customs. The impetus for China’s stringent virtual private network (VPN) regulations is, in part, to strengthen its cyber borders by closing the gap in the GFW that VPNs create. However, the crackdown also exacts certain costs, such as from businesses and researchers, and knowingly allowing this toll underscores China’s commitment to cyber sovereignty.

On December 18, U.S. President Donald J. Trump announced the United States’ new national security strategy. He called China a “strategic competitor,” and, along with Russia, called it a “revisionist power.” Those two nations, Trump said, are...

China’s Internet strategy is based on implementing a traditional Westphalian concept of sovereignty as absolute control over national borders. Western democracies have been groping toward a different model that is based on the sovereignty concept underlying the post-World War II liberal international order as exemplified by the United Nations, the international trading system, and the international human rights system. Under this concept of sovereignty, countries use their sovereign right to enter into agreements with one another to construct institutions that mutually restrict states’ freedom of action both toward one another and toward their own citizens. Applying this concept to the cyber sphere means attempting to establish norms, treaties, and institutions that offer collective protections, such as restricting attacks, coordinating defenses, and sharing information and tools.

The two models have different structural strengths and weaknesses. For the Western model, upholding cyber sovereignty primarily rests on Internet freedom and cyber defense. As China’s cyber sovereignty is vulnerable to the free spread of information, its two pillars are censorship and cyber defense. The Chinese model is therefore a more difficult undertaking in the sense that it necessitates retooling the inherently free and open Internet to accommodate surveillance and censorship. Yet, it offers the advantage that censorship provides better cyber defense, and China thrives on the benefits of that coupling through its cyber borders. Alternatively, the Western model’s solution to the puzzle of how to improve cyber defense without sacrificing Internet freedoms is through international cooperation based on mutual trust and understanding. As a result, the strength of the Western model scales with the number of participants.

As the models continue to mature, clashes will become more frequent. Since cyber defense is not zero-sum, conflicts will revolve primarily around censorship, and each challenges the other in both passive and active ways. For the Western model, one passive force of influence is its wealth of important websites, such as for news, research, or social networking, that the GFW blocks. China attempts to counter this influence by building its own versions of these websites. Active measures include applying political pressure to improve Internet rights and the development of censorship circumvention and privacy tools. For the Chinese model, cyber borders radiate a passive effect of self-censorship over foreign websites that wish to avoid GFW blocks. Democracies, in turn, resist by pillorying websites that self-censor. Actively, China seeks a more state-centric system of governance for the Internet, and it may be testing a new approach to ask foreign websites to censor themselves.

The United States and China agreed in 2015 that neither government would support or conduct cyber-enabled theft of intellectual property and committed to working with international partners to identify appropriate norms in cyberspace. Both countries...

A recent example of this approach was China’s request of Cambridge University Press (CUP) to censor the website of its journal The China Quarterly for visitors from China. Disturbingly, CUP assented for several days before reversing its decision—demonstrating both the vulnerability and resiliency of open societies to this type of influence. One of China’s aims might have been to measure the resistance to its influence, but such actions engender greater mistrust. Australia, for instance, has appropriated the Solomon Islands undersea Internet cable contract from Huawei due to security concerns and fears of China’s meddling in its domestic politics, illustrating the challenges of entanglement. The CUP and Huawei examples also point to the models’ particular paradoxical struggles. China’s posture of non-interference—which led to its model in the first place—employs interference to succeed. Moreover, while a democratic state strives for cooperation in cyberspace, it does so with deep ties to Internet freedom, and these two impulses vie to guide its relationship with China in opposing directions.

Although in competition, the models are not wholly disparate and exclusive. China has been willing to participate in the Western model’s open-ended multilateralism; last year, for example, Canada and China signed a cyber defense pact agreeing not to conduct attacks on each other’s private sectors. Further, to a certain extent, Western states do engage in censorship and cyber border protections: the leaked U.S. National Security Council memo discussing a nationalized 5G network to guard against future threats from China offers one example. The memo’s existence also calls attention to how threats to the models may come from within: from private sector greed, for instance, such as the dissolution of net neutrality protections in the U.S., or from Chinese Internet users resisting censorship. It is also important to note that some countries take various hybrid approaches to these models, such as Singapore which engages in a high level of surveillance but not censorship. It is too early to tell whether cyber borders or cooperation will be more effective at combining security, access to necessary information, and control over potential threats, or whether the models will instead stabilize into a bipolar parity.

The success of one model may influence the other. If the Western model eclipses China’s in cyber defense capability, it could force China to prioritize cyber defense over censorship. In these circumstances, China may be willing to open its cyber borders to some degree in order to participate more fully in cooperative protection efforts, forfeiting some facility for censorship. Conversely, deficiencies in the Western model could likewise compel democratic states to fortify their cyber borders and surrender certain Internet freedoms.

Peacebuilding efforts are crucial; yet, last year, the United Nations reached a dead end in codifying a set of cyber norms to temper cyberspace’s anarchic character. Martha Finnemore recently wrote, “Contestation of cyber norms is to be expected, particularly because changing technology constantly creates new situations.” Thus, a particular difficulty with cyber norms is that they must be flexible enough to assuage fears of the unknown yet concrete enough to be meaningful. Cyber sovereignty presents an opportunity here, as it is a set of elemental cyber norms that offers a comparatively stable locus for the norm-building process.

The issue of censorship will remain non-negotiable, both for democracies and for China. However, if—as with the Canada-China agreement—the countries focus their Internet relationship on the shared goal of cyber defense, the two models may be able to coexist in relative peace. Cyber defense norms, treaties, and institutions may yield enough common ground to mitigate, somewhat, the inevitable conflicts over censorship in the years ahead. Democratic states now face a dilemma: the door to cooperation with China on cyber defense is open, but it requires overlooking China’s domestic censorship practices, and, in doing so, hazards further normalizing these practices. On the other hand, doing nothing may widen the gulf between the models and fracture the Internet even further.